WARNING: refcount bug in qrtr_recvmsg


syzbot

Sep 7, 2020, 5:38:22 PM
to bjorn.a...@linaro.org, da...@davemloft.net, ku...@kernel.org, linux-...@vger.kernel.org, manivannan...@linaro.org, net...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: c70672d8 Merge tag 's390-5.9-5' of git://git.kernel.org/pu..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=163f0c31900000
kernel config: https://syzkaller.appspot.com/x/.config?x=bd46548257448703
dashboard link: https://syzkaller.appspot.com/bug?extid=d0f27d9af17914bf253b
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=124cc6a5900000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11436195900000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d0f27d...@syzkaller.appspotmail.com

------------[ cut here ]------------
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 0 PID: 118 at lib/refcount.c:25 refcount_warn_saturate+0x169/0x1e0 lib/refcount.c:25
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 118 Comm: kworker/u4:3 Not tainted 5.9.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: qrtr_ns_handler qrtr_ns_worker
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x198/0x1fd lib/dump_stack.c:118
panic+0x347/0x7c0 kernel/panic.c:231
__warn.cold+0x20/0x46 kernel/panic.c:600
report_bug+0x1bd/0x210 lib/bug.c:198
handle_bug+0x38/0x90 arch/x86/kernel/traps.c:234
exc_invalid_op+0x14/0x40 arch/x86/kernel/traps.c:254
asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:536
RIP: 0010:refcount_warn_saturate+0x169/0x1e0 lib/refcount.c:25
Code: 07 31 ff 89 de e8 e7 df d8 fd 84 db 0f 85 36 ff ff ff e8 9a e3 d8 fd 48 c7 c7 00 dc 93 88 c6 05 67 18 12 07 01 e8 09 e7 a9 fd <0f> 0b e9 17 ff ff ff e8 7b e3 d8 fd 0f b6 1d 4c 18 12 07 31 ff 89
RSP: 0018:ffffc900013479d8 EFLAGS: 00010086
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff8880a8dd4000 RSI: ffffffff815db9a7 RDI: fffff52000268f2d
RBP: 0000000000000002 R08: 0000000000000001 R09: ffff8880ae620f8b
R10: 0000000000000000 R11: 0000000038313154 R12: ffff88821b0f4040
R13: ffff888095619c00 R14: ffff8880a87eb7f0 R15: ffff8880a87eb7f4
refcount_add include/linux/refcount.h:204 [inline]
refcount_inc include/linux/refcount.h:241 [inline]
kref_get include/linux/kref.h:45 [inline]
qrtr_node_acquire net/qrtr/qrtr.c:196 [inline]
qrtr_node_lookup net/qrtr/qrtr.c:388 [inline]
qrtr_send_resume_tx net/qrtr/qrtr.c:980 [inline]
qrtr_recvmsg+0x845/0x970 net/qrtr/qrtr.c:1043
sock_recvmsg_nosec net/socket.c:885 [inline]
sock_recvmsg net/socket.c:903 [inline]
sock_recvmsg net/socket.c:899 [inline]
kernel_recvmsg+0x110/0x160 net/socket.c:928
qrtr_ns_worker+0x15a/0x14fc net/qrtr/ns.c:624
process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
kthread+0x3b5/0x4a0 kernel/kthread.c:292
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Shutting down cpus with NMI
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

syzbot

Sep 8, 2020, 1:34:08 AM
to anant.th...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KASAN: use-after-free Read in qrtr_node_enqueue

==================================================================
BUG: KASAN: use-after-free in instrument_atomic_read include/linux/instrumented.h:56 [inline]
BUG: KASAN: use-after-free in atomic64_read include/asm-generic/atomic-instrumented.h:837 [inline]
BUG: KASAN: use-after-free in atomic_long_read include/asm-generic/atomic-long.h:29 [inline]
BUG: KASAN: use-after-free in __mutex_unlock_slowpath+0x8e/0x610 kernel/locking/mutex.c:1237
Read of size 8 at addr ffff8880a65abc00 by task kworker/u4:1/21

CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.9.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: qrtr_ns_handler qrtr_ns_worker
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x198/0x1fd lib/dump_stack.c:118
print_address_description.constprop.0.cold+0xae/0x497 mm/kasan/report.c:383
__kasan_report mm/kasan/report.c:513 [inline]
kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
check_memory_region_inline mm/kasan/generic.c:186 [inline]
check_memory_region+0x13d/0x180 mm/kasan/generic.c:192
instrument_atomic_read include/linux/instrumented.h:56 [inline]
atomic64_read include/asm-generic/atomic-instrumented.h:837 [inline]
atomic_long_read include/asm-generic/atomic-long.h:29 [inline]
__mutex_unlock_slowpath+0x8e/0x610 kernel/locking/mutex.c:1237
qrtr_node_enqueue+0x729/0x1240 net/qrtr/qrtr.c:367
qrtr_send_resume_tx net/qrtr/qrtr.c:992 [inline]
qrtr_recvmsg+0x6ad/0x850 net/qrtr/qrtr.c:1043
sock_recvmsg_nosec net/socket.c:885 [inline]
sock_recvmsg net/socket.c:903 [inline]
sock_recvmsg net/socket.c:899 [inline]
kernel_recvmsg+0x110/0x160 net/socket.c:928
qrtr_ns_worker+0x15a/0x14fc net/qrtr/ns.c:624
process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
kthread+0x3b5/0x4a0 kernel/kthread.c:292
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Allocated by task 8062:
kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48
kasan_set_track mm/kasan/common.c:56 [inline]
__kasan_kmalloc.constprop.0+0xbf/0xd0 mm/kasan/common.c:461
kmem_cache_alloc_trace+0x174/0x2c0 mm/slab.c:3550
kmalloc include/linux/slab.h:554 [inline]
kzalloc include/linux/slab.h:666 [inline]
qrtr_endpoint_register+0x81/0x530 net/qrtr/qrtr.c:557
qrtr_tun_open+0x14c/0x1b0 net/qrtr/tun.c:46
misc_open+0x372/0x4a0 drivers/char/misc.c:141
chrdev_open+0x266/0x770 fs/char_dev.c:414
do_dentry_open+0x4b9/0x11b0 fs/open.c:817
do_open fs/namei.c:3251 [inline]
path_openat+0x1b9a/0x2730 fs/namei.c:3368
do_filp_open+0x17e/0x3c0 fs/namei.c:3395
do_sys_openat2+0x16d/0x420 fs/open.c:1168
do_sys_open fs/open.c:1184 [inline]
__do_sys_openat fs/open.c:1200 [inline]
__se_sys_openat fs/open.c:1195 [inline]
__x64_sys_openat+0x13f/0x1f0 fs/open.c:1195
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9

Freed by task 8060:
kasan_save_stack+0x1b/0x40 mm/kasan/common.c:48
kasan_set_track+0x1c/0x30 mm/kasan/common.c:56
kasan_set_free_info+0x1b/0x30 mm/kasan/generic.c:355
__kasan_slab_free+0xd8/0x120 mm/kasan/common.c:422
__cache_free mm/slab.c:3418 [inline]
kfree+0x10e/0x2b0 mm/slab.c:3756
__qrtr_node_release+0x2ee/0x3b0 net/qrtr/qrtr.c:189
kref_put_mutex include/linux/kref.h:76 [inline]
qrtr_node_release net/qrtr/qrtr.c:205 [inline]
qrtr_node_release net/qrtr/qrtr.c:201 [inline]
qrtr_endpoint_unregister+0x3a2/0x410 net/qrtr/qrtr.c:615
qrtr_tun_release+0x37/0x60 net/qrtr/tun.c:115
__fput+0x285/0x920 fs/file_table.c:281
task_work_run+0xdd/0x190 kernel/task_work.c:141
tracehook_notify_resume include/linux/tracehook.h:188 [inline]
exit_to_user_mode_loop kernel/entry/common.c:163 [inline]
exit_to_user_mode_prepare+0x1e1/0x200 kernel/entry/common.c:190
syscall_exit_to_user_mode+0x7e/0x2e0 kernel/entry/common.c:265
entry_SYSCALL_64_after_hwframe+0x44/0xa9

The buggy address belongs to the object at ffff8880a65abc00
which belongs to the cache kmalloc-512 of size 512
The buggy address is located 0 bytes inside of
512-byte region [ffff8880a65abc00, ffff8880a65abe00)
The buggy address belongs to the page:
page:00000000b42fe1d4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa65ab
flags: 0xfffe0000000200(slab)
raw: 00fffe0000000200 ffffea0002a5b108 ffffea00029edb88 ffff8880aa040600
raw: 0000000000000000 ffff8880a65ab000 0000000100000004 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
ffff8880a65abb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff8880a65abb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8880a65abc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff8880a65abc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8880a65abd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================


Tested on:

commit: f4d51dff Linux 5.9-rc4
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=11f37335900000
kernel config: https://syzkaller.appspot.com/x/.config?x=a9075b36a6ae26c9
dashboard link: https://syzkaller.appspot.com/bug?extid=d0f27d9af17914bf253b
compiler: gcc (GCC) 10.1.0-syz 20200507
patch: https://syzkaller.appspot.com/x/patch.diff?x=15f11bcd900000

syzbot

Sep 8, 2020, 4:01:06 PM
to anant.th...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+d0f27d...@syzkaller.appspotmail.com

Tested on:

commit: 34d4ddd3 Merge tag 'linux-kselftest-5.9-rc5' of git://git...
patch: https://syzkaller.appspot.com/x/patch.diff?x=13dcf29e900000

Note: testing is done by a robot and is best-effort only.

syzbot

Sep 8, 2020, 5:20:11 PM
to drago...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+d0f27d...@syzkaller.appspotmail.com

Tested on:

commit: 34d4ddd3 Merge tag 'linux-kselftest-5.9-rc5' of git://git...
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
kernel config: https://syzkaller.appspot.com/x/.config?x=f54a4eb6511f301a
dashboard link: https://syzkaller.appspot.com/bug?extid=d0f27d9af17914bf253b
compiler: gcc (GCC) 10.1.0-syz 20200507
patch: https://syzkaller.appspot.com/x/patch.diff?x=1720e17d900000

syzbot

Sep 8, 2020, 5:38:05 PM
to drago...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+d0f27d...@syzkaller.appspotmail.com

Tested on:

commit: 34d4ddd3 Merge tag 'linux-kselftest-5.9-rc5' of git://git...
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
kernel config: https://syzkaller.appspot.com/x/.config?x=f54a4eb6511f301a
dashboard link: https://syzkaller.appspot.com/bug?extid=d0f27d9af17914bf253b
compiler: gcc (GCC) 10.1.0-syz 20200507
patch: https://syzkaller.appspot.com/x/patch.diff?x=131b8829900000

Message has been deleted

Eric Biggers

Sep 8, 2020, 7:15:45 PM
to Anant Thazhemadam, syzkaller-bugs
On Tue, Sep 08, 2020 at 03:54:26PM -0700, Anant Thazhemadam wrote:
>
> Setting the ARCH_QCOM option to true while building the kernel seems to
> resolve this issue (among a few others that were recently detected too,
> as I've come to discover). I've a patch for this, have tested this, and
> it seems to work without a hitch to me. As I understand it, ARCH_QCOM was
> removed as a dependency for the QRTR option since the IPC Router protocol
> is also used by external modems and doesn't always depend on Qualcomm
> platforms. This seems to be a valid enough reason, but I would like to
> know if it's so valid that it cannot be overridden, and ARCH_QCOM cannot
> be re-introduced as a dependency for QRTR, even if it means fixing at
> least 3 bugs (that I have come across so far).
>

What do you mean by "setting the ARCH_QCOM option to true"?

If you mean adding back "depends on ARCH_QCOM" to QRTR, that would just make the
code unbuildable on most platforms, and syzbot would stop testing it.

Making the code unbuildable would stop the bug reports, but it wouldn't actually
fix the bugs...

- Eric

Anant Thazhemadam

Sep 8, 2020, 7:43:40 PM
to Eric Biggers, syzkaller-bugs
Oh, that's right. I forgot about the possibility that syzbot wouldn't be
able to build the code in the first place. Thank you.